Frequently Asked Questions

Nov 19, 2019 - 09:45am

 [F] Frequently Asked Questions  / Operational Questions  /

Configuring EXPN and VRFY

Rate This FAQ
 (Not yet rated)

Created On: 29 Aug 2002 9:29 am
Last Edited: 12 Sep 2002 10:00 am

Question Email This Printer Friendly

What are the EXPN and VRFY options for in the Email Settings Control Panel, and how should they be configured?

Answer

EXPN and VRFY default to OFF.

While the RFC for these states that they should be on, RFCs are not always up to date with reality.

What they do (in brief):

VRFY permits someone to telnet to your server and verify that an email address is valid. Its purpose is to permit a remote server to check whether a particular email address is valid before sending email.

EXPN permits someone to telnet to your server and expand an alias into the list of actual email recipients. For example, if you have an email list called "greyhound-adoption", anyone could "expn greyhound-adoption" and get the list of all the member addresses in "greyhound-adoption".

Why the should be off (in brief):

For anti-spam, privacy, and security reasons, it is generally not a good idea to freely provide information about the users on your system or the users with which you communicate.